Trojan Found and Deleted... but it Returns (Trojan: HTML/Phish.AB!MSR)

Moirty

Windows Defender periodically finds a Trojan in a .htm file in my Windows Communications appdata area (see attachment). You will notice that the file is in the Attachments folder. Windows Defender seems to delete this threat, but after a few days or a couple of weeks, the threat will return in the exact same location.


I have no evidence that the Trojan is actually running on my computer. I believe it is just sitting in the file waiting to be executed. I have not knowingly run this file and am usually careful about phishing attacks.


Only Microsoft Defender will find it. I tried using Malwarebytes, Bitdefender and Microsoft Safety Scanner. None of these even finds it.

MS-Defender says that it is successful at removing it and a scan immediately after the clean will not find the Trojan.


A few troubleshooting actions to date:

  • Have removed the threat and immediately opened all known Microsoft communications programs (Outlook, Windows Calendar/Mail, Skype, Skype-Biz, Teams). I then reran a scan but did not find the Trojan. Nevertheless, it did return a couple weeks later.
  • I have started my computer in Safe Mode and deleted the entire package folder. After rebooting, the Trojan is no longer found by Defender. However, the folder and its content is eventually recreated along with the Trojan threat.
  • I had a case opened at Microsoft (who more-or-less had me repeat everything I had already done). MS ultimately recommended that I rebuild/refresh my entire computer. I am not averse to doing this, but I am worried that since the Trojan appears to be in an attachment within Windows communications, it will simply return. I do not want to waste my time.


I currently run a daily scan of the appdata\package folder so that I can identify when the file returns.


MS-Surface Pro i7/16GB/512GB with all Windows 10 Pro updates completed.

Office 365 environment with most all files stored in OneDrive or SharePoint.


Thank you for any further thoughts on this issue.


-bs
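
One way to extend the daily check described in the post so that every reappearance is logged with its creation time and SHA-256, which shows when the file was written and whether it is the same content each time. This is an added example, not part of the original post; the script's parameter names, the `-WatchPath` value you pass and the history file location are assumptions.

```powershell
# Added example (not from the original post): log each new .htm/.html file seen under a folder.
param(
    # Assumption: pass the mail app's package folder here; the post does not give the full path.
    [Parameter(Mandatory)] [string] $WatchPath,
    # Hypothetical location for the append-only sightings log.
    [string] $HistoryFile = (Join-Path $env:LOCALAPPDATA 'htm-sightings.csv')
)

# Load earlier sightings so files already logged are not reported again.
$history = @()
if (Test-Path -LiteralPath $HistoryFile) { $history = @(Import-Csv -LiteralPath $HistoryFile) }
$seenKeys   = @($history | ForEach-Object { "$($_.Path)|$($_.CreatedUtc)" })
$seenHashes = @($history | ForEach-Object { $_.Sha256 })

$sightings = @(
    Get-ChildItem -LiteralPath $WatchPath -Recurse -File -Force -ErrorAction SilentlyContinue |
    Where-Object { $_.Extension -in '.htm', '.html' } |
    ForEach-Object {
        # A file deleted and written again at the same path gets a new creation time,
        # so path + creation time identifies one "return" of the file.
        $created = $_.CreationTimeUtc.ToString('o')
        if ("$($_.FullName)|$created" -in $seenKeys) { return }

        # Hashing can fail if antivirus blocks read access; the row is still logged without a hash.
        $hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256 -ErrorAction SilentlyContinue).Hash

        [pscustomobject]@{
            LoggedUtc      = (Get-Date).ToUniversalTime().ToString('o')
            CreatedUtc     = $created
            Path           = $_.FullName
            SizeBytes      = $_.Length
            Sha256         = $hash
            # True when identical content was logged on an earlier run.
            HashSeenBefore = [bool]($hash -and ($hash -in $seenHashes))
        }
    }
)

if ($sightings.Count -gt 0) {
    $sightings | Export-Csv -LiteralPath $HistoryFile -NoTypeInformation -Append
    $sightings | Format-List
} else {
    Write-Output "No new .htm/.html files under $WatchPath since the last run."
}
```

Run it on the same schedule as the daily scan; the `CreatedUtc` of a new row can then be compared with when the mail app last synced.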

